Generally, computer applications run by executing object code. The object code controls the actions of the computer systems on which it is run. Such code may be made public or otherwise made accessible by its authors, for example by publishing the original source code that was compiled to create the object code. When software is sold publicly, the object code will be accessible for analysis by others. The original authors may also choose to make the object code more accessible by other programmers by including “debug symbols” which are data files which help to describe the structure of the object code so that users of the object code can debug their own programs. However, for some uses, it is advisable to protect code, including object code, from examination by possible adversaries. For example, where the code represents the best available implementation of a particular algorithm, the code itself may represent a trade secret. In another example, where code is used to secure content, it may be useful to protect the code in order to ensure the security of the content from an adversary.
Maintaining the security of content may be useful in many contexts. One such context is where the content is private information, for example, financial information about a computer user, user passwords, or other personal information. Another context in which maintaining the security of content is useful is when the secure content is content which is to be used only in a limited way. For example, copyrighted content may be protected by requiring a license for use.
License provisions may be enforced for secure content by a digital rights management (DRM) application. In some DRM applications, content is stored only in an encrypted form, and then decrypted for use according to an electronic license which defines the specific user's rights to use the content. Some or all of the code and associated decryption data which decrypts the encrypted content is therefore protected, because if this code which accesses the copyrighted context is compromised, it may be possible to access the copyright outside of the bounds of the electronic license, for unlicensed uses.
Code which protects sensitive information or performs other sensitive operations is, in some contexts, referred to as a “black box.” The black box may include hardware elements along with software elements. When a black box (or other sensitive code) is being used on a computer system, an adversary may use several means in order to attempt to compromise the security of the operations of the black box. For example, an adversary may attempt to trace the code running in the black box. One way in which an adversary may attempt to do this is by using a debugger to track the progress of the code. Another way an adversary may attempt to compromise the security of the black box is by making modifications to the code in order to provide access to the secure content to the adversary.
There are numerous tools for discouraging static analysis of binary images of code. Static analysis is analysis of the code when it is not executing. For example, certain of these tools for discouraging static analysis allow sections of binaries to be rendered unreadable at or after compile time. For example, some tools encrypt sections of the binary. Thus, before run-time, the binary is unreadable. When the code is to be run, the code is returned to its original state, e.g. by decryption where the modification was encryption. Therefore, an adversary will not be able to perform a static analysis on the binary, but the code will function properly when it is decrypted for execution.
Increasingly, however, dynamic analysis tools and dynamic analyzers integrated with debuggers are being created and used. Such tools allow an adversary to examine code as it is executing. Because the code, as it is executing, has been returned to its unmodified state (e.g. by decryption) it can be analyzed by an adversary using techniques that exist for static analysis. Therefore, static analysis prevention tools such as encryption of binaries are not effective protection for sensitive code, which must be protected from both static and dynamic disassembly techniques.
In view of the foregoing, there is a need for a system that overcomes the drawbacks of the prior art.